If a node (V) accepts incoming connections, is he vulnerable to becoming completely surrounded by corrupted nodes? Would an attacker be able to control which transactions are relayed to V and which transactions V is able to broadcast to the network?

I assume for this to happen V would have to, over time, lose connections to honest nodes to have them replaced by the attackers'.

If so, in what circumstances would the Bitcoin client lose connection with an honest node, other than it going offline?

1 Answer
1

I don't know how frequently this occurs but the Bitcoin.org client (using default settings) will, after some amount of time (in the several minutes range, if I remember correctly), intentionally drop the existing connection and connect to a new peer chosen from the list of peers it knows about.

So the duration available to the attacker to feed the node corrupt (invalid) data is not very long.

If the node will be used to honor payments on 0/unconfirmed, then a race attack is a possibility so the recommendation is to not allow any incoming transactions and to have only outgoing connections and even then only to well-connected nodes.

Wouldn't an attacker with man-in-the-middle capabilities be able to hijack all connections to the bitcoin network (incoming and outgoing), masquerading as many different nodes?
–
nivsApr 4 '13 at 10:09